Re: Re: [Snort-devel] IDS vs IPS

[Dragos Ruiu <dr () kyx net>]

Mark. PF is certainly commercial ready. Esp when it's 
regularly used to replace other rather expensive commercial 
units that fall over from the traffic load on production sites :-).

cheers,
--dr
sed -e's/IPS/random error injector or worse/'
sed -e's/IPS with MSSQL backend/DOS at more than 1k blocks\/sec/'

On August 30, 2003 06:08 pm, Jeff Nathan wrote:
Stuff

> On Saturday, August 30, 2003, at 05:43 PM, Mark Teicher wrote:
> > Rather impressive does not mean it is commercial ready.
> > Commercial Ready means it meets or exceeds he criteria of  the
> > definition of the Industry Analysts and can be reviewed by the people
> > who do those rather large network type bake-offs of products and
> > barely understand how the technology works except click "Setup.exe"
> > and pray the Installshield doesn't barf on their system which most
> > likely doesn't meet the vendors stated minimum requirements.  How
> > about db's?? How many of the IPS vendors require MSSQL as their
> > databse of choice??
> >  If the IPS vendors require MS SQL as their database backend, that
> > means the IPS management console can't handle an enterprise type
> > organization without having massive horsepower and some sort of
> > distributed console management technology underlying it.  How many of
> > the industry reviewers actually review that type of scenario.. ??
> >
> > I might not even have to take off my shoes to count. Oh better yet,
> > let me get out my abacus..
> >
> > [/standing on soapbox]
> >
> > Back to my original ranting,  GOOD firewall code hasn't been produced
> > in years..In fact, if someone could dig up Wei Xu, Peter Churchill or
> > Brian Reid.. I am sure they could tell you stories about GOOD firewall
> > code, proxy code and the crud they had to put up with.
> >
> > You know there are still Digital Equipment Corporation Firewalls in
> > place at a major bank in NY/NJ area.. (DECSeal at least 20 of them by
> > my last count).. the technology is 10 years old, and no one has broken
> > into them.. Go figure that one out..  no IDS, no IPS.. Actually in
> > fact, I can also name a few other companies that still have Gauntlet
> > firewalls in place..
> >
> > Was it GOOD firewall code, who knows, but the fact remains, IPS
> > technology is still in its infancy, while Firewalls have been around
> > for almost 15 years, and IDS technology, although not fully matured
> > over 5 years.
> >  IPS is less than 30 months old, and everyone single marketing person
> > expels "IPS is the future, firewalls and IDS are dead"  OK, marketing
> > people, speak up and tell us who the pure IPS vendors are, not
> > firewall and IDS vendors trying to re-define their space and get some
> > marketing mojo going..
> >
> > I even cc;ed a marketing person on the list so that they can respond
> > to the hype and defend themselves in this little thread.. C'mon give
> > us the marketing hype and story..  Anyone else from other vendors
> > marketing department listening/reading..  ??
> >
> > [/slipping off soapbox...]
> >
> > argghhhh, I have fallen underneath the IPS hype and need call the
> > nearest IPS marketing person to get up...
> >
> > P.S. Does this mean I am back to my full lunancy of ranting and
> > raving, not quite sure, but it is fun to be alive again.. Jeff N and
> > Gary C, I owe you two a beer..
> >
> > /cheers
> >
> > /mark
> >
> > At 06:02 PM 8/30/2003, Jeff Nathan wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Mark,
> > >
> > > not entirely true. Dan Hartmeier's packet filter is rather impressive.
> > >
> > > - -Jeff

-- 
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users